yada
mada
Microsoft's Windows 10 'Fall Creators Update' introduced "Controlled Folder Access" (CFA). CFA allows for giving specific executable files permission to do things. Although we are glad this functionality now exists, Microsoft's documentation for this new security measure is non-existent and the implementation is cumbersome. Controlled Folder Access is part of Windows Defender Security Center (WDSC). It is important to note that WDSC is NOT the same as Windows Defender Anti-Virus (which is often referred to just as Windows Defender).
In the past, when installing a program or app from the web, one would do this: 1. Download the app's 'installer' file to the downloads folder 2. Double Click the installer file in the downloads folder 3. Launch the app by clicking the apps icon or apps main exe file The new CFA method requires giving permissions for both the installer .exe file and the app's main .exe file. In other words, a two stage authorization process. Now, we have to do this: 1. Download the app's 'installer' file to the downloads folder 2. Set permissions via CFA for the installer 3. Double Click the installer file in the downloads folder 4. Set permissions via CFA for the App's main .exe file 5. Launch the app by clicking the apps icon or apps main exe file
So, how do you grant permissions via CFA? The first thing we need to do, before downloading anything , is to open the Windows Defender Security Center's Panel titled 'Allow an App through Controlled Folder Access'. (Shown below under item 8) Once opened, we will leave it open - because we will need to use it twice - once for the downloaded installer file, and again for the app's .exe file. To get to the 'Allow through CFA Panel we need to do this: 1. Right Click the Win Logo on the Task Bar, then click Settings Show Me Tip: pressing keyboard's Windows Key & letter I together will open Settings 2. Click Update & Security Show Me 3. Click Windows Security Show Me (On older releases of W10 this may say Windows Defender) 4. Click Open Windows Defender Security Center Show Me 5. Click Virus & Threat Protection Show Me 6. Click Virus & Threat Protection Settings Show Me 7. Scroll down to Controlled Folder Access and Click on Manage Controlled Folder Access (if it exists) Show Me (W10 older versions required clicking on CFA & then 'Manage CFA' Newer versions just have Manage CFA) 8. Click Allow an app through Controlled Folder Access Show Me You should now be looking at something that resembles this: Clicking 'Add an allowed App' opens a Windows file explorer dialog box. Show Me
Now that we have CFA loaded, we can go ahead and download the installer file. Important - Wait for it to fully download. Once the download is complete, click the 'Add an Allowed App' item as shown above. When the File Explorer window to opens, navigate to the Downloads folder and select the installer file you just downloaded. Click 'Open' (actually, it does not open anything). The file should now be listed in the 'Allow an App Through Controlled Folder Access' Panel.
Now that the installer file is approved via CFA, we can run the installer. Most modern browsers have a 'Run' toggle to launch a downloaded installer file. If your browser does not have this ability, simply double click your 'This PC / My Computer' icon on the desktop to open the Windows File Explorer. (if the icon does not exist, use Windows Key + R and enter 'explorer.exe' in the Run Dialog. This will open the Windows file explorer). When the File Explorer window opens, navigate to the 'downloads' folder and double click the downloaded installer file. Allow the installer to finish it's work. Once complete, it will likely place icons on you desktop.
Main app's .exe file At this stage we need to give permissions to the apps main executable file via 'Add an allowed App'. This is the second stage of the two stage process.
How do we find the apps main executable file? For RISC Analysis, the main app executable file (.exe file) is 'Msaccess.exe' This is located in the C:\MS_Access97_Runtime\ folder. Show Me For a program such as Google Chrome or Mozilla FireFox, the main app's .exe file will likely be in sub folder off of 'C:\Program Files (x86)\ as follows C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Show Me C:\Program Files (x86)\Mozilla Firefox\firefox.exe Tip: You can find the app's main .exe path and file by right clicking the desktop icon and selecting Properties. The path and .exe will be on the shortcut tab. Show Me
Once you know the location of the main app's .exe file, again Click 'Add an allowed App' Navigate to the app's folder and select the exe file. The image below shows Controlled Folder Access with CFA approved for the installer files and main app .exe files for RISC Analysis, Google Chrome, and Mozilla FireFox At this stage, you can go ahead and run the app.
...
Close


Click the Update & Security Link
Close


Click on Windows Security
Close


Click on Open Windows Defender Security Center

Tip: You can shortcut this by using the Windows 'Run' Dialog Box.
Press the Keyboard's Windows Key together with the letter 'R'.
This will open the Run Dialog. 
Copy and paste the line below, (including the trailing colon) and press Ok
%windir%\explorer.exe windowsdefender:
You can also use the above to create a desktop shortcut and pin it to the taskbar.


Close


Click on Virus & Threat Protection
Close


Click on Virus & Threat Protection Settings
Close


Click on Manage Controlled Folder Access
Close


Click Allow an app through Controlled Folder Access
Close



Select the Installer file to be given CFA Permissions.

In this shot, we have installers for Google Chrome, FireFox and RISC Analyisis
(they are all in the downloads folder)
Close



Main app .exe file for RISC Analysis

Close



Main app .exe file for Google Chrome

Close



Finding the main app .exe file via desktop icon properties

Right Click the desktop icon and select Properties